Control
English
FrançaisEnglishPortuguês
English
FrançaisEnglishPortuguês
  • Control documentation
  • Detoxio documentation
  • API documentation
  • Guides
    • Glossary
    • Calculation of metrics
    • Help and support
    • Control+
    • First steps on Control
      • Create an account
      • Global search
  • Introduction
    • Home
    • Favorite devices
    • Device map
  • Devices
    • Dashboard
    • Dashboard of a device
      • Dashboard
        • Cyberweather
        • Metrics
        • Cybermap
      • Endpoints
      • Flow
      • Cleaner
      • Alerts
        • Advanced (beta)
      • Report
      • Settings
        • Global
        • Subnetworks
        • IP filtering
        • Local network
        • Information and statistics
        • Installation
    • Public IP address
      • Analyse
      • Affected devices
      • Reports
  • Gestion
    • Device fleet
    • User accesses
Propulsé par GitBook
Sur cette page
  • Device alerts
  • Types of alerts
  • Cyberweather alert
  • Flow alerts
  • Bandwidth alert
  • Disconnection alert

Cet article vous a-t-il été utile ?

  1. Devices
  2. Dashboard of a device

Alerts

The alerts are divided into two parts. The classic alerts presented on this page and the advanced alerts.

PrécédentCleanerSuivantAdvanced (beta)

Dernière mise à jour il y a 1 an

Cet article vous a-t-il été utile ?

Device alerts

The Alerts section allows you to set up alerts for a device.

Alerts are sent by email to the email address of the logged in user.

Types of alerts

Cyberweather alert

When the level changes

Every hour, the cyber weather level of the day is evaluated. If it has increased compared to the last assessment, an alert is sent.

Daily cyberweather report

The report is an alert that is sent out every day with the previous day's cyber weather.

The alert is triggered every day at the first hour (local time of the device).

Flow alerts

Toxic flows

The toxic flow alert is triggered when flows with one or more toxic IP addresses have been reported by the device. This is done every hour.

Suspect flows

The Suspicious Flow Alert is triggered when flows to one or more IP addresses in the Suspicious Remote IP Addresses list are reported by the device.

If no IP address is configured in the list, then no alert will be sent.

Critical flows (discontinued)

The critical flow alert is triggered when flows with one or more toxic IP addresses with a critical threat are brought up by the device.

This alert has been deleted. You can use advanced alerts by selecting the type(s) of threat for which an alert should be triggered.

Bandwidth alert

If a single endpoint on the network generates more than 40% of the network flows within an hour, then a bandwidth alert will be sent.

Using this alert for a supervised network with very few endpoints is not recommended.

If only one endpoint is present, then it will use 100% of the bandwidth and the alert will be triggered.

Disconnection alert

If the device does not report any logs for more than one hour, then its status changes to disconnected and the alert is triggered.

In addition, when the device reconnects to services, a reconnection alert will be sent.

A disconnection / reconnection alert will always be sent to the technical reseller contacts configured in the Reseller form of the device fleet.

This alert cannot be disabled.

Device alerts